A growing number of software applications have security requirements before they can be run on a host computer. For instance, applications for securing an access to a mobile network, for securing bank transactions or for guaranteeing a remote encrypted data access are often based on an authenticity test. User authentication is carried out by collecting a password on a host computer. A cryptoprocessor located in a security token checks the authenticity of the input password before the execution of the application is validated.
Host computers in charge of executing security applications may belong to a wide range of users. Such host computers may be insufficiently protected, either because the operating system has intrinsic failures or was not correctly updated, or because the computer does not run an appropriate antivirus or firewall. Distributors of security tokens do not have a good hold on the security level of the host computers of the end users. Thus, even if the security provided by a security token is satisfactory, it can be circumvented by a fraudulent use of a host computer to which the token is connected.
Security tokens may store different applications in an embedded non volatile memory. Security tokens may have limited processing capacities in order to keep an acceptable cost. Thus, such security tokens are not suitable for executing all the applications stored therein or cannot provide a user friendly execution environment. Thus, some security applications either have to be uploaded or stored in the host computer. A fraudulent uploading or execution can be prevented through authentication. The applications can be launched and can use authentication parameters provided by the cryptoprocessor. A secured channel between the launched application and the cryptoprocessor is usually used to preserve the confidentiality of the communication. However, even if strong cryptographic algorithms are used for the secured channel, the security of the host computer can reveal insufficient like recited previously.
For instance, if the cryptoprocessor and the application firstly agree on initial pre-shared keys to be used on the secured channel, an attacker could carry out some reverse-engineering on the application executed on the host computer. The attacker could then devise a virus that would systematically use or break the secure channel on other devices embedding this application. Another attack consists in hooking to the entry point of the layer managing the secure channel to discreetly use its features. Still another attack could spy sensitive data before they are encrypted. Thus, all the security tokens providing identical applications could be subject to corresponding attacks.
To overcome this problem, running such applications in a trusted environment on the host computer is not very flexible and is not applicable to any host computer.